Messages

1

24.7 Production Series / Re: IPS/IDS filling my log file

« on: September 10, 2024, 07:46:39 pm »

Interesting - I posted earlier to https://forum.opnsense.org/index.php?topic=42729.0
and also to the suricata board https://community.emergingthreats.net/t/opnsense-suricata-rule-update-for-et-telemetry/1952/2

2

Intrusion Detection and Prevention / Admin / Advanced / Home Networks - IPv6 prefix?

« on: September 09, 2024, 10:44:35 am »

I noticed under 'Home Networks' in Administration, that the listed IPv6 address is wrong (I changed ISPs a few weeks back). I now have a dynamic IPv6 prefix - I thought that would be updated automatically?

Any suggestions?

3

Intrusion Detection and Prevention / Suricata rule update issues (24.7.3)

« on: September 09, 2024, 10:43:38 am »

I'm seeing various errors like

2024-09-09T06:00:02   Error   send_heartbeat.py   unexpected result from https://opnsense.emergingthreats.net/api/v1/telemetry (http_code 502)

2024-09-09T00:00:02   Error   rule-updater.py   download failed for https://opnsense.emergingthreats.net/api/v1/ruleset/engine/suricata/5 (http_code: 502)

2024-09-09T00:00:01   Error   rule-updater.py   download failed for https://opnsense.emergingthreats.net/api/v1/ruleset/version (http_code: 502)

These have been happening since 2024-09-04 and occur daily.

No network issues I"m aware of
I have an et_telemetry.token

4

24.7 Production Series / Re: (? ipv6 patch related only) opnsense 24.7.2 update = fails to boot

« on: August 22, 2024, 08:23:30 pm »

I think reverting whilst an update was 'known' was a mistake that caused a bad sequence  (there was no failure reported).

Glad it's working for others, and the above reminds me I like using proxmox :-)

5

24.7 Production Series / Re: opnsense 24.7.2 update = fails to boot

« on: August 22, 2024, 12:35:11 pm »

Just to confirm, I did restore from snapshot *prior to my ipv6 patching*.
I reapplied 24.7.2 which worked fine.

So I suspect an unfortunate sequence in reverting the update whilst 24.7.2 was available, and then doing the update caused this

Thanks for the explanation - not really looked into the openbsd boot process (vs linux)

6

24.7 Production Series / Re: opnsense 24.7.2 update = fails to boot

« on: August 22, 2024, 10:32:38 am »

Posted error to imgur (no images here?) - not rendering, direct URL is https://imgur.com/ZQ5TNbE

7

24.7 Production Series / (? ipv6 patch related only) opnsense 24.7.2 update = fails to boot

« on: August 22, 2024, 10:30:04 am »

I had 24.7.1 running (Intel N100, proxmox) with the IPv6 patches
I ran `opnsense revert` and then the update in the UI + reboot

Upon reboot ->

Fortunately I have backups/snapshot so can revert to the previous config

8

24.7 Production Series / Re: [CALL FOR TESTING] PPPoE restructuring and IPv6 improvements

« on: August 22, 2024, 09:58:39 am »

Is there a new patch for 24.7.2 or is existing patch ok?
So far have reverted and applied 24.7.2

9

24.7 Production Series / Re: [CALL FOR TESTING] PPPoE restructuring and IPv6 improvements

« on: August 11, 2024, 03:41:10 pm »

Tried out the patch & rebooted(pppoe, ipv6 dual stack, /48 prefix dynamically retrieved) - all seems to work fine

10

24.7 Production Series / Re: Kernel panics after upgrade to R1

« on: July 17, 2024, 09:29:19 pm »

Just to say I've not had any kernel panics with the initial 24.7.r1 - uptime 14 hours
n100 miniPC running Proxmox 8.2.4 16GB ram
opnsense 24.7.r1 in an 8GB VM with 1xintel i226v passthrough (wan) and 1 proxmox/linux bridge
Connection is pppoe, dual stack ipv4/v6
Simple config - using unbound, suricata (lan), crowdsec

All is 'just working'. Not seeing any unexpected kernel issues.

Nice job :-)

11

24.7 Production Series / Re: WAN IPv6 issue after update to recent beta 24.7.b_127

« on: June 26, 2024, 11:50:39 pm »

Also on beta. Just to mention IPv6 working great here (pppoe). About 75pc of my traffic. Slaac on clients. ISP gives me a /48. LAN has /64 . No noticeable impact from beta update


Sent from my iPhone using Tapatalk

12

24.7 Production Series / Re: Smooth install

« on: June 14, 2024, 06:26:26 pm »

I also noticed 'check for updates' returns

The release type "opnsense" is not available on this repository.

Presumably just a beta vs release issue?

13

24.7 Production Series / Re: Smooth install

« on: June 14, 2024, 06:23:53 pm »

Thanks!

I swapped back to the beta image, enabled the -devel versions of the plugins I'd previously had installed, and then restored the latest configuration.

After this the system is working normally. Specifically et telemetry rules are loaded (I did need to explicitly click the button to download rules). Crowdsec is also working. Other plugins seem ok at a quick glance.

However I notice the UI complains about misconfiguration. I've not yet tried automated resolution

14

24.7 Production Series / Smooth install

« on: June 14, 2024, 02:36:42 pm »

I'm running opnsense on a proxmox vm - HW is N100, 4 core, 16GB. VM hsa 4GB ram 4 vcpu. WAN is Intel I226V passthrough, LAN is proxmox bridge. Internet is PPPoE to a ONT and a 500/70 service. IPv4/6 dual stack

Easy to backup/restore due to proxmox

Seabios for previously install, but UEFI (secure boot disabled) for this one.

Install went cleanly. I chose UFS , and restored my previous configuration.
Basics - dhcp, unbound, pppoe all seemed fine.

I did realise however that a variety of plugins I use (ET Telemetry, crowdsec, qemu,git-backup, chrony,haxproxy are curretly in use) etc for security are not available. That's not a surprise of course (I just didn't think of that!) - and quite a few of these very clearly are tier 3, but for now I've opted to revert to the stable version for now. It will be interesting to see if the security plugins in particular become available in the beta cycle.

Looks good!

15

Development and Code Review / setting up development environment: git clone stops

« on: May 31, 2024, 09:21:35 am »

I've been trying to setup a development environment as per https://docs.opnsense.org/development/workflow.html

As a base I used a clean vm from the latest opnsense image. I've also tried on a clear OpenBSD 14 OS.

I hit the same issue as reported in https://forum.opnsense.org/index.php?topic=5009.msg19937#msg19937 where the git clone hits an error on the src repo

>>> Cloning /usr/src:
Cloning into '/usr/src'...
remote: Enumerating objects: 3352210, done.
remote: Counting objects: 100% (395998/395998), done.
remote: Compressing objects: 100% (112732/112732), done.
error: RPC failed; curl 56 Recv failure: Connection reset by peer
error: 7666 bytes of body are still expected
fetch-pack: unexpected disconnect while reading sideband packet
fatal: early EOF
fatal: fetch-pack: invalid index-pack output
*** Error code 128

I use git a lot, but mostly on macos & linux. network is solid, low latenxy ~ 500/70.  I was able to clone the src repo fine on both of these

Oddly, whilst the x86 (via proxmox) VMs failed, a FreeBSD 14 on macoS (arm) succeeded in doing the git clone.

Updating the opnsense dev environment (base+packages) made no difference

I've tried a variety of suggestions to change compression behavior, buffer sizes etc, but these have not been effective so far.

Whilst not opnsense specific, it does look some kind of freebsd issue, perhaps config... Any ideas?